If enabled within firewall rules, which of the following services would present the GREATEST risk?
An IS auditor assessing the controls within a newly implemented call center would FIRST:
Which of the following is the MOST appropriate testing approach when auditing a daily data flow between two systems via an automated interface to confirm that it is complete and accurate?
Which of the following is a challenge in developing a service level agreement (SLA) for network services?
Which of the following is the BEST way to help ensure new IT implementations align with enterprise architecture (EA) principles and requirements?
Which of the following should be performed FIRST before key performance indicators (KPIs) can be implemented?
An IS auditor is reviewing documentation of application systems change control and identifies several patches that were not tested before being put into production. Which of the following is the MOST significant risk from this situation?
Which of the following is MOST important for an IS auditor to look for in a project feasibility study?
When reviewing a data classification scheme, it is MOST important for an IS auditor to determine if:
Management receives information indicating a high level of risk associated with potential flooding near the organization's data center within the next few years. As a result, a decision has been made to move data center operations to another facility on higher ground. Which approach has been adopted?
Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?
Which of the following issues associated with a data center's closed-circuit television (CCTV) surveillance cameras should be of MOST concern to an IS auditor?
Which of the following would MOST effectively help to reduce the number of repeated incidents in an organization?
Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?
Which of the following presents the GREATEST challenge to the alignment of business and IT?
Which of the following is MOST important for an IS auditor to determine during the detailed design phase of a system development project?
An IS auditor is reviewing logical access controls for an organization's financial business application. Which of the following findings should be of GREATEST concern to the auditor?
An IS auditor is reviewing the installation of a new server. The IS auditor's PRIMARY objective is to ensure that:
An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code. What is the auditor's BEST recommendation for the organization?
Which of the following is the BEST way to mitigate the risk associated with unintentional modifications of complex calculations in end-user computing (EUC)?
What is the PRIMARY benefit of an audit approach which requires reported findings to be issued together with related action plans, owners, and target dates?
Which of the following BEST helps to ensure data integrity across system interfaces?
Which of the following should be the FIRST step when developing a data loss prevention (DLP) solution for a large organization?
The BEST way to provide assurance that a project is adhering to the project plan is to:
An IS auditor notes that not all security tests were completed for an online sales system recently promoted to production. Which of the following is the auditor's BEST course of action?
While evaluating the data classification process of an organization, an IS auditor's PRIMARY focus should be on whether:
An organization has partnered with a third party to transport backup drives to an offsite storage facility. Which of the following is MOST important before sending the drives?
Which of the following is the GREATEST risk associated with security patches being automatically downloaded and applied to production servers?
Which of the following should be the GREATEST concern for an IS auditor assessing an organization's disaster recovery plan (DRP)?
Which of the following findings should be of GREATEST concern to an IS auditor reviewing an organization's newly implemented online security awareness program?
Which of the following is the BEST way to enforce the principle of least privilege on a server containing data with different security classifications?
Which of the following is the BEST reason to implement a data retention policy?
Which of the following should an IS auditor expect to see in a network vulnerability assessment?
What is the GREATEST concern for an IS auditor reviewing contracts for licensed software that executes a critical business process?
The BEST way to evaluate the effectiveness of a newly developed application is to:
Which of the following management decisions presents the GREATEST risk associated with data leakage?
Which of the following is MOST important for an IS auditor to confirm when reviewing an organization's plans to implement robotic process automation (RPA) to automate routine business tasks?
Which of the following is the MOST significant risk that IS auditors are required to consider for each engagement?
During the planning phase of a data loss prevention (DLP) audit, management expresses a concern about mobile computing. Which of the following should the IS auditor identify as the associated risk?
During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?
Which of the following should be of GREATEST concern for an IS auditor reviewing an organization's disaster recovery plan (DRP)?
Which of the following is MOST critical for the effective implementation of IT governance?
Which of the following would be the MOST useful metric for management to consider when reviewing a project portfolio?
Which of the following is MOST important when implementing a data classification program?
A warehouse employee of a retail company has been able to conceal the theft of inventory items by entering adjustments of either damaged or lost stock items to the inventory system. Which control would have BEST prevented this type of fraud in a retail environment?
An IS auditor has completed the fieldwork phase of a network security review and is preparing the initial report. Which of the following findings should be ranked as the HIGHEST risk?
A review of an organization's IT portfolio revealed several applications that are not in use. The BEST way to prevent this situation from recurring would be to implement:
A company has implemented an IT segregation of duties policy. In a role-based environment, which of the following roles may be assigned to an application developer?
An organization allows its employees to use personal mobile devices for work. Which of the following would BEST maintain information security without compromising employee privacy?
Which of the following is the BEST way to ensure that an application is performing according to its specifications?
An audit has identified that business units have purchased cloud-based applications without IT's support. What is the GREATEST risk associated with this situation?
An organization is disposing of a system containing sensitive data and has deleted all files from the hard disk. An IS auditor should be concerned because:
When verifying the accuracy and completeness of migrated data for a new application system replacing a legacy system, it is MOST effective for an IS auditor to review:
Which of the following features of a library control software package would protect against unauthorized updating of source code?
What is the PRIMARY purpose of documenting audit objectives when preparing for an engagement?
Which of the following would BEST help to ensure that potential security issues are considered by the development team as part of incremental changes to agile-developed software?
An IS auditor has discovered that a software system still in regular use is years out of date and no longer supported. The auditee has stated that it will take six months until the software is running on the current version. Which of the following is the BEST way to reduce the immediate risk associated with using an unsupported version of the software?
During an audit of an organization's risk management practices, an IS auditor finds several documented IT risk acceptances have not been renewed in a timely manner after the assigned expiration date. When assessing the severity of this finding, which mitigating factor would MOST significantly minimize the associated impact?
Which of the following is the BEST control to mitigate attacks that redirect Internet traffic to an unauthorized website?
An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?
In a controlled application development environment, the MOST important segregation of duties should be between the person who implements changes into the production environment and the:
Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?
Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?
An IS auditor reviewing the threat assessment for a data center would be MOST concerned if:
An audit identified that a computer system is not assigning sequential purchase order numbers to order requests. The IS auditor is conducting an audit follow-up to determine if management has resolved this finding. Which of the following is the MOST reliable follow-up procedure?
Which of the following provides the BEST evidence that outsourced provider services are being properly managed?
An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?
An externally facing system containing sensitive data is configured such that users have either read-only or administrator rights. Most users of the system have administrator access. Which of the following is the GREATEST risk associated with this situation?
An IS auditor discovers that an IT organization serving several business units assigns equal priority to all initiatives, creating a risk of delays in securing project funding. Which of the following would be MOST helpful in matching demand for projects and services with available resources in a way that supports business objectives?
Which of the following is MOST important to determine during the planning phase of a cloud-based messaging and collaboration platform acquisition?
An IS auditor plans to review all access attempts to a video-monitored and proximity card-controlled communications room. Which of the following would be MOST useful to the auditor?
Which of the following applications has the MOST inherent risk and should be prioritized during audit planning?
When designing a data analytics process, which of the following should be the stakeholder's role in automating data extraction and validation?
Management has learned the implementation of a new IT system will not be completed on time and has requested an audit. Which of the following audit findings should be of GREATEST concern?
Which of the following is the MOST important responsibility of data owners when implementing a data classification process?
When assessing a proposed project for the two-way replication of a customer database with a remote call center, the IS auditor should ensure that:
Which of the following should be the PRIMARY role of an internal audit function in the management of identified business risks?
An IS auditor is verifying the adequacy of an organization's internal controls and is concerned about potential circumvention of regulations. Which of the following is the BEST sampling method to use?
An auditee disagrees with a recommendation for corrective action that appears in the draft engagement report. Which of the following is the IS auditor's BEST course of action when preparing the final report?
Which of the following areas is MOST important for an IS auditor to focus on when reviewing the maturity model for a technology organization?
An IS auditor is conducting an IT governance audit and notices many initiatives are managed informally by isolated project managers. Which of the following recommendations would have the GREATEST impact on improving the maturity of the IT team?
Which of the following is the MOST important reason for an IS auditor to examine the results of a post-incident review performed after a security incident?
Which of the following audit procedures would provide the BEST assurance that an application program is functioning as designed?
An IS auditor is performing a follow-up audit for findings identified in an organization's user provisioning process Which of the following is the MOST appropriate population to sample from when testing for remediation?
An IS auditor is evaluating the access controls for a shared customer relationship management (CRM) system. Which of the following would be the GREATEST concern?
Which of the following is an IS auditor's BEST recommendation for mitigating risk associated with inadvertent disclosure of sensitive information by employees?
Which of the following is the PRIMARY reason an IS auditor should discuss observations with management before delivering a final report?
Which of the following is the BEST point in time to conduct a post-implementation review?
A bank has a combination of corporate customer accounts (higher monetary value) and small business accounts (lower monetary value) as part of online banking. Which of the following is the BEST sampling approach for an IS auditor to use for these accounts?
An IS auditor is asked to review an organization's technology relationships, interfaces, and data. Which of the following enterprise architecture (EA) areas is MOST appropriate for this review?
A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?
Which of the following is the MOST important consideration for a contingency facility?
Which of the following should an IS auditor recommend be done FIRST when an organization is made aware of a new regulation that is likely to impact IT security requirements?
When physical destruction is not practical, which of the following is the MOST effective means of disposing of sensitive data on a hard disk?
Which of the following is the BEST method to delete sensitive information from storage media that will be reused?
An IS auditor is reviewing the deployment of a new automated system. Which of the following findings presents the MOST significant risk?
Which of the following would minimize the risk of losing transactions as a result of a disaster?
An IS auditor discovers from patch logs that some in-scope systems are not compliant with the regular patching schedule. What should the auditor do NEXT?
An IS auditor finds ad hoc vulnerability scanning is in place with no clear alignment to the organization's wider security threat and vulnerability management program. Which of the following would BEST enable the organization to work toward improvement in this area?
Which of the following metrics is the BEST indicator of the performance of a web application?
Which of the following biometric access controls has the HIGHEST rate of false negatives?
Which of the following would BEST indicate the effectiveness of a security awareness training program?
Which of the following is the MAJOR advantage of automating internal controls?
Which of the following is MOST likely to be a project deliverable of an agile software development methodology?
Which of the following is the MOST effective method of destroying sensitive data stored on electronic media?
An IS auditor is assigned to review the IS department's quality procedures. Upon contacting the IS manager, the auditor finds that there is an informal, unwritten set of standards. Which of the following should be the auditor's NEXT action?
An organization is concerned with meeting new regulations for protecting data confidentiality and asks an IS auditor to evaluate their procedures for transporting data. Which of the following would BEST support the organization's objectives?
Which of the following is MOST important to determine when conducting a post-implementation review?
Which of the following BEST describes the role of a document owner when implementing a data classification policy in an organization?
Which of the following should be considered when examining fire suppression systems as part of a data center environmental controls review?
Which of the following is an IS auditor's BEST recommendation to mitigate the risk of eavesdropping associated with an application programming interface (API) integration implementation?
Which of the following is the BEST way to foster continuous improvement of IS audit processes and practices?
Which of the following is MOST important for an IS auditor to confirm when reviewing an organization's incident response management program?
An IS auditor reviewing a job scheduling tool notices performance and reliability problems. Which of the following is MOST likely affecting the tool?
Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization?
Which of the following is the PRIMARY reason for an IS audit manager to review the work performed by a senior IS auditor prior to presentation of a report?
Which of the following would be of GREATEST concern to an IS auditor reviewing on-site preventive maintenance for an organization's business-critical server hardware?
An IT strategic plan that BEST leverages IT in achieving organizational goals will include:
Which of the following poses the GREATEST risk to an organization when employees use public social networking sites?
An IS auditor discovers a box of hard drives in a secured location that are overdue for physical destruction. The vendor responsible for this task was never made aware of these hard drives. Which of the following is the BEST course of action to address this issue?
When reviewing a project to replace multiple manual data entry systems with an artificial intelligence (AI) system, the IS auditor should be MOST concerned with the impact AI will have on:
Which of the following is the GREATEST benefit of adopting an international IT governance framework rather than establishing a new framework based on the actual situation of a specific organization?
Which of the following is the BEST compensating control against segregation of duties conflicts in new code development?
An organization is considering allowing users to connect personal devices to the corporate network. Which of the following should be done FIRST?
Which of the following BEST demonstrates to senior management and the board that an audit function is compliant with standards and the code of ethics?
Which of the following is the GREATEST risk associated with storing customer data on a web server?
What is the MOST critical finding when reviewing an organization's information security management?
Which of the following is the MOST important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings?
During an exit interview, senior management disagrees with some of the facts presented in the draft audit report and wants them removed from the report. Which of the following would be the auditor's BEST course of action?
Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack against encrypted data at rest?
Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?
Which of the following activities would allow an IS auditor to maintain independence while facilitating a control self-assessment (CSA)?
Which of the following documents should specify roles and responsibilities within an IT audit organization?
An organization has recently implemented a Voice-over IP (VoIP) communication system. Which of the following should be the IS auditor's PRIMARY concern?
Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor's BEST recommendation for a compensating control?
The performance, risks, and capabilities of an IT infrastructure are BEST measured using a:
An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives. Which of the following findings should be the IS auditor's GREATEST concern?
Which of the following findings from an IT governance review should be of GREATEST concern?
An IS auditor performs a follow-up audit and learns the approach taken by the auditee to fix the findings differs from the agreed-upon approach confirmed during the last audit. Which of the following should be the auditor's NEXT course of action?
Following a security breach in which a hacker exploited a well-known vulnerability in the domain controller, an IS auditor has been asked to conduct a control assessment. The auditor's BEST course of action would be to determine if:
An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the QA program requirements?
In an online application, which of the following would provide the MOST information about the transaction audit trail?
During an IT governance audit, an IS auditor notes that IT policies and procedures are not regularly reviewed and updated. The GREATEST concern to the IS auditor is that policies and procedures might not:
Which of the following is the MOST important reason to classify a disaster recovery plan (DRP) as confidential?
Which of the following is the BEST source of information for an IS auditor to use as a baseline to assess the adequacy of an organization's privacy policy?
An organization with many desktop PCs is considering moving to a thin client architecture. Which of the following is the MAJOR advantage?
An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined that the user list was not system-generated. Which of the following should be the GREATEST concern?
An organization is planning an acquisition and has engaged an IS auditor to evaluate the IT governance framework of the target company. Which of the following would be MOST helpful in determining the effectiveness of the framework?
Which of the following is an example of a preventative control in an accounts payable system?
While auditing a small organization's data classification processes and procedures, an IS auditor noticed that data is often classified at the incorrect level. What is the MOST effective way for the organization to improve this situation?
Which of the following would BEST manage the risk of changes in requirements after the analysis phase of a business application development project?
An organization has assigned two new IS auditors to audit a new system implementation. One of the auditors has an IT-related degree, and one has a business degree. Which of the following is MOST important to meet the IS audit standard for proficiency?
Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization's security policy?
An organization that has suffered a cyber-attack is performing a forensic analysis of the affected users' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?
Which of the following should be an IS auditor's GREATEST concern when an international organization intends to roll out a global data privacy policy?
Due to limited storage capacity, an organization has decided to reduce the actual retention period for media containing completed low-value transactions. Which of the following is MOST important for the organization to ensure?
An IS auditor is reviewing an organization's primary router access control list. Which of the following should result in a finding?
Which of the following is the MOST important activity in the data classification process?
A third-party consultant is managing the replacement of an accounting system. Which of the following should be the IS auditor's GREATEST concern?
Which of the following would be an appropriate role of internal audit in helping to establish an organization's privacy program?
Which of the following would lead an IS auditor to conclude that the evidence collected during a digital forensic investigation would not be admissible in court?
An IS auditor finds that an organization's data loss prevention (DLP) system is configured to use vendor default settings to identify violations. The auditor's MAIN concern should be that:
A month after a company purchased and implemented system and performance monitoring software, reports were too large and therefore were not reviewed or acted upon. The MOST effective plan of action would be to:
An organization was recently notified by its regulatory body of significant discrepancies in its reporting data. A preliminary investigation revealed that the discrepancies were caused by problems with the organization's data quality. Management has directed the data quality team to enhance their program. The audit committee has asked internal audit to be advisors to the process. To ensure that management concerns are addressed, which data set should internal audit recommend be reviewed FIRST?
Which of the following is MOST important to consider when scheduling follow-up audits?
An information systems security officer's PRIMARY responsibility for business process applications is to:
Which of the following would be of MOST concern for an IS auditor evaluating the design of an organization's incident management processes?
Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?
Which of the following represents the HIGHEST level of maturity of an information security program?
Due to a recent business divestiture, an organization has limited IT resources to deliver critical projects. Reviewing the IT staffing plan against which of the following would BEST guide IT management when estimating resource requirements for future projects?
Which of the following will MOST likely compromise the control provided by a digital signature created using RSA encryption?
A manager identifies active privileged accounts belonging to staff who have left the organization. Which of the following is the threat actor in this scenario?
An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?
The due date of an audit project is approaching, and the audit manager has determined that only 60% of the audit has been completed. Which of the following should the audit manager do FIRST?
Which of the following is MOST helpful for measuring benefits realization for a new system?
A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?
The waterfall life cycle model of software development is BEST suited for which of the following situations?
A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor's BEST recommendation to facilitate compliance with the regulation?
The PRIMARY reason for an IS auditor to use data analytics techniques is to reduce which type of audit risk?
Which of the following BEST indicates that an incident management process is effective?
After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?
Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDS)?
Which of the following environments is BEST used for copying data and transformation into a compatible data warehouse format?
When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
The BEST way to determine whether programmers have permission to alter data in the production environment is by reviewing:
During a follow-up audit, it was found that a complex security vulnerability of low risk was not resolved within the agreed-upon timeframe. IT has stated that the system with the identified vulnerability is being replaced and is expected to be fully functional in two months. Which of the following is the BEST course of action?
Which of the following findings should be of GREATEST concern to an IS auditor performing a review of IT operations?
Which of the following is the MAIN purpose of an information security management system?
Which of the following would provide an IS auditor with the GREATEST assurance that data disposal controls support business strategic objectives?
Which of the following would be MOST effective to protect information assets in a data center from theft by a vendor?
What is the BEST method to determine if IT resource spending is aligned with planned project spending?
A credit card company has decided to outsource the printing of customer statements. It is MOST important for the company to verify whether:
Which of the following BEST facilitates the legal process in the event of an incident?
Which of the following would BEST enable an organization to address the security risks associated with a recently implemented bring your own device (BYOD) strategy?
Which of the following is necessary for effective risk management in IT governance?
The implementation of an IT governance framework requires that the board of directors of an organization:
Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?
An IS auditor wants to determine who has oversight of staff performing a specific task and is referencing the organization's RACI chart. Which of the following roles within the chart would provide this information?
Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?
IS management has recently disabled certain referential integrity controls in the database management system (DBMS) software to provide users increased query performance. Which of the following controls will MOST effectively compensate for the lack of referential integrity?
One benefit of return on investment (ROI) analysis in IT decision making is that it provides the:
Which of the following would be of MOST concern when determining if information assets are adequately safeguarded during transport and disposal?
Which of the following MOST effectively minimizes downtime during system conversions?
Which of the following is MOST important with regard to an application development acceptance test?
When an intrusion into an organization's network is detected, which of the following should be done FIRST?
What is BEST for an IS auditor to review when assessing the effectiveness of changes recently made to processes and tools related to an organization's business continuity plan (BCP)?
Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?
An organization's software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor's BEST recommendation to facilitate compliance with the regulation?
Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?
A proper audit trail of changes to server start-up procedures would include evidence of:
Which of the following is the MOST effective way to maintain network integrity when using mobile devices?
Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data is accurately entered into the system?
An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor's BEST recommendation would be to:
Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees. What is the MOST important task before implementing any associated email controls?
Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?
Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?
An IS audit reveals that an organization is not proactively addressing known vulnerabilities. Which of the following should the IS auditor recommend the organization do FIRST?
During an ongoing audit, management requests a briefing on the findings to date. Which of the following is the IS auditor's BEST course of action?
An IS auditor notes the transaction processing times in an order processing system have significantly increased after a major release. Which of the following should the IS auditor review FIRST?
Which of the following is the BEST way to mitigate the impact of ransomware attacks?
During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?
Secure code reviews as part of a continuous deployment program are which type of control?
Which of the following is the BEST method to prevent wire transfer fraud by bank employees?
During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST:
When evaluating the design of controls related to network monitoring, which of the following is MOST important for an IS auditor to review?
Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?
Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?
An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner. Which of the following is the auditor's BEST recommendation?
Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?
A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?
Which of the following is the MOST effective control to mitigate unintentional misuse of authorized access?
During a new system implementation, an IS auditor has been assigned to review risk management at each milestone. The auditor finds that several risks to project benefits have not been addressed. Who should be accountable for managing these risks?
Which audit approach is MOST helpful in optimizing the use of IS audit resources?
In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to never expire. Which of the following recommendations would BEST address the risk with minimal disruption to the business?
Which of the following is an audit reviewer's PRIMARY role with regard to evidence?
Which of the following is the PRIMARY concern when negotiating a contract for a hot site?
Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?
An incorrect version of the source code was amended by a development team. This MOST likely indicates a weakness in:
An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions. Which of the following is MOST important for the auditor to confirm when sourcing the population data?
An IS auditor who was instrumental in designing an application is called upon to review the application. The auditor should:
Which of the following is MOST important for an effective control self-assessment (CSA) program?
While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:
In a small IT web development company where developers must have write access to production, the BEST recommendation of an IS auditor would be to:
Which of the following strategies BEST optimizes data storage without compromising data retention practices?
Which of the following is the BEST method to safeguard data on an organization's laptop computers?
Which of the following is the MOST important reason to implement version control for an end-user computing (EUC) application?
An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank's customers. Which of the following controls is MOST important for the auditor to confirm is in place?
During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization. Which of the following should be recommended as the PRIMARY factor to determine system criticality?
An IS auditor is reviewing an organization's information asset management process. Which of the following would be of GREATEST concern to the auditor?
An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization's objectives?
Which of the following would be a result of utilizing a top-down maturity model process?
What is MOST important to verify during an external assessment of network vulnerability?
Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?
The decision to accept an IT control risk related to data quality should be the responsibility of the:
An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is MOST important to assess in the audit?
When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery:
An IS auditor is examining a front-end subledger and a main ledger. Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?
Which of the following would BEST determine whether a post-implementation review (PIR) performed by the project management office (PMO) was effective?